You could have a Yahoo account without even knowing it

NEW YORK–Think you’re not affected by the massive hack of 500 million Yahoo accounts? Think again.

Just because you don’t have a Yahoo email account doesn’t mean you’re off the hook.

There are plenty of other types of accounts that put users at risk.

Play fantasy sports on Yahoo Sports?

Post pictures on Flickr?

Or maybe you just stopped using your Yahoo email years ago.

If so, you might be a hacking victim, according to a leading Internet security expert.

“There are lots of people, millions of people, who don’t understand they have a Yahoo account,” said Per Thorsheim, a global cybersecurity expert based in Norway. And the reason that those hacks are worrisome is that even if the person wasn’t using the account any longer, it’s the type of information stolen that puts them at risk. Yahoo has said stolen information includes names, email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers.

“The idea that ‘I don’t use that account any more, I don’t have to worry about it.’ – in most cases, unfortunately that’s wrong,” he said. “If you have an account that you don’t use, you should delete it. But very few people do that. I’m guilty of not doing that myself.”

The hack, disclosed by Yahoo on Wednesday, occurred in 2013.

Yahoo did say that the latest breach did not include financial information, nor the accounts of its blogging service Tumblr. But it did not respond to questions as to whether its fantasy sports service or its photo site Flickr was affected.

Thorsheim said even he was shocked by the size of this hack, which he says is the largest in history. And he says it’s particularly worrisome that Yahoo wasn’t aware that it occurred until three years later, and that it believes this a completely separate hack from the one it announced in September which affected 500 million accounts. That 500 million account hack occurred in 2014.

“One breach going by undetected for several years is severe enough,” said Thorsheim. “If they are now admitting to two breaches, it raises the question: How many are there actually? There could there be even more.”